CVE-2014-3054

Multiple open redirect vulnerabilities in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Affected Software

Name	Vendor	Start Version	End Version
Websphere_portal	Ibm	7.0.0.0 (including)	7.0.0.0 (including)
Websphere_portal	Ibm	7.0.0.1-cf003 (including)	7.0.0.1-cf003 (including)
Websphere_portal	Ibm	7.0.0.1-cf004 (including)	7.0.0.1-cf004 (including)
Websphere_portal	Ibm	7.0.0.1-cf005 (including)	7.0.0.1-cf005 (including)
Websphere_portal	Ibm	7.0.0.1-cf006 (including)	7.0.0.1-cf006 (including)
Websphere_portal	Ibm	7.0.0.1-cf007 (including)	7.0.0.1-cf007 (including)
Websphere_portal	Ibm	7.0.0.1-cf008 (including)	7.0.0.1-cf008 (including)
Websphere_portal	Ibm	7.0.0.1-cf009 (including)	7.0.0.1-cf009 (including)
Websphere_portal	Ibm	7.0.0.1-cf010 (including)	7.0.0.1-cf010 (including)
Websphere_portal	Ibm	7.0.0.1-cf019 (including)	7.0.0.1-cf019 (including)
Websphere_portal	Ibm	7.0.0.2 (including)	7.0.0.2 (including)
Websphere_portal	Ibm	7.0.0.2-cf011 (including)	7.0.0.2-cf011 (including)
Websphere_portal	Ibm	7.0.0.2-cf012 (including)	7.0.0.2-cf012 (including)
Websphere_portal	Ibm	7.0.0.2-cf013 (including)	7.0.0.2-cf013 (including)
Websphere_portal	Ibm	7.0.0.2-cf014 (including)	7.0.0.2-cf014 (including)
Websphere_portal	Ibm	7.0.0.2-cf015 (including)	7.0.0.2-cf015 (including)
Websphere_portal	Ibm	7.0.0.2-cf016 (including)	7.0.0.2-cf016 (including)
Websphere_portal	Ibm	7.0.0.2-cf017 (including)	7.0.0.2-cf017 (including)
Websphere_portal	Ibm	7.0.0.2-cf018 (including)	7.0.0.2-cf018 (including)
Websphere_portal	Ibm	7.0.0.2-cf019 (including)	7.0.0.2-cf019 (including)
Websphere_portal	Ibm	7.0.0.2-cf020 (including)	7.0.0.2-cf020 (including)
Websphere_portal	Ibm	7.0.0.2-cf021 (including)	7.0.0.2-cf021 (including)
Websphere_portal	Ibm	7.0.0.2-cf022 (including)	7.0.0.2-cf022 (including)
Websphere_portal	Ibm	7.0.0.2-cf23 (including)	7.0.0.2-cf23 (including)
Websphere_portal	Ibm	7.0.0.2-cf24 (including)	7.0.0.2-cf24 (including)
Websphere_portal	Ibm	7.0.0.2-cf25 (including)	7.0.0.2-cf25 (including)
Websphere_portal	Ibm	7.0.0.2-cf26 (including)	7.0.0.2-cf26 (including)
Websphere_portal	Ibm	7.0.0.2-cf27 (including)	7.0.0.2-cf27 (including)
Websphere_portal	Ibm	8.0.0.0 (including)	8.0.0.0 (including)
Websphere_portal	Ibm	8.0.0.0-cf01 (including)	8.0.0.0-cf01 (including)
Websphere_portal	Ibm	8.0.0.0-cf02 (including)	8.0.0.0-cf02 (including)
Websphere_portal	Ibm	8.0.0.0-cf03 (including)	8.0.0.0-cf03 (including)
Websphere_portal	Ibm	8.0.0.0-cf04 (including)	8.0.0.0-cf04 (including)
Websphere_portal	Ibm	8.0.0.0-cf05 (including)	8.0.0.0-cf05 (including)
Websphere_portal	Ibm	8.0.0.1 (including)	8.0.0.1 (including)
Websphere_portal	Ibm	8.0.0.1-cf04 (including)	8.0.0.1-cf04 (including)
Websphere_portal	Ibm	8.0.0.1-cf05 (including)	8.0.0.1-cf05 (including)
Websphere_portal	Ibm	8.0.0.1-cf06 (including)	8.0.0.1-cf06 (including)
Websphere_portal	Ibm	8.0.0.1-cf07 (including)	8.0.0.1-cf07 (including)
Websphere_portal	Ibm	8.0.0.1-cf08 (including)	8.0.0.1-cf08 (including)
Websphere_portal	Ibm	8.0.0.1-cf09 (including)	8.0.0.1-cf09 (including)
Websphere_portal	Ibm	8.0.0.1-cf12 (including)	8.0.0.1-cf12 (including)
Websphere_portal_unified_task_list_portlet	Ibm	6.0.1 (including)	6.0.1 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-3054
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References